LIC-04-0063, Use of Encryption Software for Electronic Transmission of Safeguards Information

From kanterella
Jump to navigation Jump to search
Use of Encryption Software for Electronic Transmission of Safeguards Information
ML041540346
Person / Time
Site: Fort Calhoun Omaha Public Power District icon.png
Issue date: 05/28/2004
From: Herman J
Omaha Public Power District
To:
Document Control Desk, Office of Nuclear Reactor Regulation, Office of Nuclear Security and Incident Response
References
LIC-04-0063
Download: ML041540346 (2)
v  d  e


Text

Omaha Public Power Distnc 444 South 16th Street Afall Omaha ANE 68102-2247 May 28, 2004 LIC-04-0063 U. S. Nuclear Regulatory Commission Attention: Document Control Desk Washington, DC 20555-0001

References:

1. Docket No. 50-285
2. 10 CFR 73.21, Requirements for the protection of safeguards information.
3. NRC Regulatory Issue Summary 2002-15, NRC Approval of Commercial Data Encryption Systems for the Electronic Transmission of Safeguards Information

SUBJECT:

Use of Encryption Software for Electronic Transmission of Safeguards Information Pursuant to the requirements of 10 CFR 73.21(g)(3), the Omaha Public Power District (OPPD) requests approval to process and transmit Safeguards Information (SGI) using PGP Software (Enterprise, Corporate, or Personal) Desktop Version 8.0 or the latest validated version, developed with PGP SDK 3.0.3. National Institute of Standards and Technology Certificate 394 validates compliance of this SDK with FIPS 140-2 requirements.

An information protection system for SGI that meets the requirements of 10 CFR 73.21(b) through (i) has been established and is being maintained. Prior to the first use of encryption software for SGI material, written procedures shall be in place to describe, as a minimum: access controls; where and when encrypted communications can be made; how encryption keys, codes and passwords will be protected from compromise; actions to be taken if the encryption keys, codes or passwords are, or are suspected to have been, compromised (for example, notification of all authorized users); and how the identity and access authorization of the recipient will be verified.

OPPD intends to exchange SGI with the NRC, Nuclear Energy Institute (NEI), and other SGI holders who have received NRC approval to use PGP software. Alan J. Clark, Manager - Security and Emergency Planning is responsible for the overall implementation of the SGI encryption program at OPPD. Jean Chamberlain, Manager -

Nuclear Process Computing Services is responsible for collecting, safeguarding, and disseminating the software tools needed for encryption and disseminating the software tools needed for encryption and decryption of SGI.

Emplomnent with Equal Opportunity

U. S. Nuclear Regulatory Commission LIC-04-0063 Page 2 Pursuant to 10 CFR 73.21(g)(3), the transmission of encrypted material to other authorized SGI holders, who have received NRC approval to use PGP software, would be considered a protected telecommunications system. The transmission and dissemination of unencrypted SGI is subject to the provisions of 10 CFR 73.21(g)(1) and (2).

If you have any questions or require additional information, please contact Dr. R. L.

Jaworski at (402) 533-6833.

Sincerely,

(/ 9 fn B. Hernan anager - Nuclear Licensing JBH/TRB/trb c: Scott Morris, NRC/NISR Lynn Silvious, NRC/NSIR Louis Grosman, NRC/OCIO James Davis, NEI B. S. Mallett, NRC Regional Administrator, Region IV A. B. Wang, NRC Project Manager J. G. Kramer, NRC Senior Resident Inspector

Retrieved from "https://kanterella.com/w/index.php?title=LIC-04-0063,_Use_of_Encryption_Software_for_Electronic_Transmission_of_Safeguards_Information&oldid=2618731"